GitHub makes 2FA mandatory for developers' accounts


Two-factor authentication (2FA) will be mandatory for all GitHub accounts by the end of this year, TechRadar reports.

When it comes to software development, GitHub is the main venue for developers and those who want to dig into programming. The platform currently has over 100 million users. Given the importance of the files and documents it hosts, it needs to ensure everything is safe.

The platform has now emailed administrators and developers to notify them that setting up 2FA will soon become mandatory. The rest of the users are required to comply by the end of this year.


According to the company’s blog post, GitHub's 2FA requirement began on March 13, and developers are required to enable one form of 2FA for their accounts. The platform further explains its goal is to “minimize unexpected interruptions and productivity loss for users and prevent account lockouts.”

2FA becomes mandatory for GitHub users by the end of 2023

2FA is being activated for GitHub accounts over time, one user group after another. The platform selects target groups based on their actions and the code they’re currently working on. Each group has a deadline for complying and receives a notice approximately 45 days before that deadline.

If users miss the deadline, they’re asked to enable 2FA the first time they visit GitHub each day. After a week of neglect, their access to the platform will be cut off until they activate 2FA for the account. GitHub also asks you to perform a 2FA checkup after 28 days to ensure everything is on the right track.


Additionally, GitHub allows you to choose between SMS, time-based one-time password (TOTP), and security keys as your preferred 2FA method. However, the platform’s recommended methods are security keys and TOTPs. SMS is less safe and no longer recommended under NIST 800-63B.

The leading software development platform has also prepared guidance on how to configure 2FA and how to recover your account if you ever lose your 2FA credentials.